[Webkit-unassigned] [Bug 170055] htdigestparser fails out early when malformed entries are found

bugzilla-daemon at webkit.org
Fri Mar 24 10:00:27 PDT 2017


https://bugs.webkit.org/show_bug.cgi?id=170055

--- Comment #7 from Alexey Proskuryakov <ap at webkit.org> ---
One surprisingly common scenario in which it is important to parse configs strictly is to protect against a vulnerability where an attacker has partial control over their content. E.g. they could put arbitrary content there, but only with some prefix.

So I don't think that being forgiving is desirable.

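The trade-off described in Comment #7, as an added example that is not part of the original message and is not WebKit's code: a strict and a forgiving parser for htdigest-style `user:realm:md5` lines, run over a constructed file in which untrusted text was written after a fixed prefix. All function names and sample data are assumptions made for illustration.

```python
import re

# One htdigest-style entry: user, realm, then a 32-digit lowercase hex MD5.
_ENTRY = re.compile(r"([^:\s]+):([^:]+):([0-9a-f]{32})")


def parse_strict(text):
    """Return [(user, realm, digest)]; reject the whole file on any bad line."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        match = _ENTRY.fullmatch(line)
        if match is None:
            raise ValueError(f"malformed entry on line {lineno}")
        entries.append(match.groups())
    return entries


def parse_forgiving(text):
    """Skip malformed lines and keep everything that still looks like an entry."""
    matches = (_ENTRY.fullmatch(line) for line in text.splitlines())
    return [m.groups() for m in matches if m is not None]


def accepted_users(parser, text):
    """User names a parser would trust; empty if it rejects the file."""
    try:
        return [user for user, _realm, _digest in parser(text)]
    except ValueError:
        return []


# Constructed sample data (digests are placeholders, not real credentials).
CLEAN = "alice:example:0123456789abcdef0123456789abcdef\n"

# Constructed: some other component appended "comment=" + untrusted text.
# The untrusted text contained a newline followed by a well-formed entry.
UNTRUSTED = "x\nmallory:example:" + "f" * 32
TAINTED = CLEAN + "comment=" + UNTRUSTED + "\n"

if __name__ == "__main__":
    for name, parser in (("strict", parse_strict), ("forgiving", parse_forgiving)):
        print(name, accepted_users(parser, TAINTED))
```

The fixed prefix leaves one line that is not a valid entry, which is exactly what lets the strict parser reject the file, while the forgiving parser discards that line and trusts the entry that follows it.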